You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa packagekit

Sigurnosni nedostaci programskog paketa packagekit

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4538-1
September 24, 2020

packagekit vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in PackageKit.

Software Description:
– packagekit: Provides a package management service

Details:

Vaisha Bernard discovered that PackageKit incorrectly handled certain
methods. A local attacker could use this issue to learn the MIME type of
any file on the system. (CVE-2020-16121)

Sami Niemimäki discovered that PackageKit incorrectly handled local deb
packages. A local user could possibly use this issue to install untrusted
packages, contrary to expectations. (CVE-2020-16122)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
packagekit 1.1.13-2ubuntu1.1

Ubuntu 18.04 LTS:
packagekit 1.1.9-1ubuntu2.18.04.6

Ubuntu 16.04 LTS:
packagekit 0.8.17-4ubuntu6~gcc5.4ubuntu1.5

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://usn.ubuntu.com/4538-1
CVE-2020-16121, CVE-2020-16122

Package Information:
https://launchpad.net/ubuntu/+source/packagekit/1.1.13-2ubuntu1.1
https://launchpad.net/ubuntu/+source/packagekit/1.1.9-1ubuntu2.18.04.6
https://launchpad.net/ubuntu/+source/packagekit/0.8.17-4ubuntu6~gcc5.4ubuntu1.5

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9ssI0ACgkQZWnYVadE
vpPrqg//bzWwXJHSe6BrwAdbJiYWnnfTtP0SwIE0fX6VrjQPIGkWrC0Z4K84b0Th
MM5i0xL88L3CSJlMhj1bo2g+sLHkfU2wuyhm05MKf5guD857I8t2BPt5zGSrXVJh
37tcIngz+GwyIDseJ1R7DoOMtbzxtvLpmyMEJz2VlrefhZBt+I2c0+xE8fQ5pRUh
i2dXkDgoAh+F/1mFtrocpZGTABEUscwe0bXN6qo17wBIBUvW/nVj4EipF/str7Bx
GgM2pmJrFJ31cYsUR4wpHpEWul2CAzfD+6nvThJZbEkiCupz642xUqT1gYjmjOWl
VBK+sHVP24dTP34Rk/pRWnSZH4N798vLLBV911lZxd0YC+mDMjjFi9ggatu6xw2C
aZx5N9c+geCYWvI65VP1F14pAkRrUT+oTF+UzC+azansCxtSS8NTuslnvmbFUcsl
aiuXtSnwL1qQlg/VXhcEtNuBqjNAp8wNLCqY17cWbN4MZeJmwJIY0/AO3yAl8zZz
M6Jw4v3LekspnjY9CDOMMAIC28PZPj19Az/dseLx0BqcpV/0iCozT4l4HfNvx0PK
Lmn0cqLNJCTCPZuBoO/v4LN7YTwZy9btjry66hnw9fPN+Gowcd5wPStAbLVc/5lh
jP542XmheMlp9OD1XBTaDDCtaXn6EwDeK1ZGZdGMjJOtU+PqwPA=
=grJl
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa spip

Otkriveni su sigurnosni nedostaci u programskom paketu spip za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja,...

Close